Jonathan Simpson on 10 Jul 2013 05:36:31 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] https Certificates Question

If you're worried about IE users, make sure you test in IE6/xp if possible as well. It may not be as up to date as far as having certs included, and there are sadly still a lot of users running it.
On 7/10/2013 8:34 AM, Mail List wrote:
On Wed, 10 Jul 2013 07:40:45 -0400, David Coulson <>
On 7/10/13 7:35 AM, Mail List wrote:
I need to set up one of my apache web servers as a secure server with
https protocol.

I'm wondering about the costs and potential pitfalls in doing so.
What is the business case for SSL? Not to say you do it no matter the
cost, but in general if you need SSL there is justification to pay for
the cert.
I'm writing a web application that will have personal data.  The user will
log in with a password, and then enter data of a personal nature into forms
on the web page.

My user base will be very unsophisticated, so any type of scary
"certificate may not be valid" popup message would be unacceptable.   I
don't care about the groovy logo, since that won't drive any sales revenue.

Basically, I need to safeguard customer's data, and make the safeguarding
transparent to them.

So I guess I'll start with a one of the free certificates ( or and see how they work.  If I don't get any scary maessages when
using IE, I'm probably good to go.

Thanks to all for the comments and help!

A quick web search has found that commercial certificates from the "big
guys" are around $250/year.  However, I see that CAcert offers
for free.
CAcert isn't a universally trusted certificate authority, as they have
not gone through the same certification/auditing process as the large
commercial vendors. In general, I would never run anything production
using their certificates.
Can anyone point me to a good primer/reference for this, or let me know
how you fared establishing a secure web server?

I just buy certificates from Verisign (now Symantec). Maybe $500/yr for
a 'normal' cert, but never had any issues.

there is a smaller vendor - - who offer free certificates,
but not sure how widely they are supported. Comodo keep trying to sell
me stuff, and they are pretty cheap - Think they got compromised a while
ago, so we've avoided them.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --